Innovations and New Features

Xen Project Continues to Innovate

Some Open Source projects reach their stated goals and begin to stagnate. They focus on performance and bug fixing (which is good and appropriate), but innovation slowly grinds to a halt. They have achieved their goal, but they forget a central truth of the IT world: goals always change given enough time.

Xen Project, on the other hand, has remembered that continuous innovation is the life-blood of a project. Having a world-class hypervisor is terrific, but it is not enough for the future. Yesterday's datacenter has given way to internal, external, and hybrid clouds. Servers are now being supplemented by devices embedded in previously dumb objects. Desktops are giving way to tablets, smart phones, and other portable devices.

Xen Project continues to look ahead and ask, "What will tomorrow's compute infrastructure look like? And what functionality will we need to provide to enable it?" This page highlights some of the latest innovations proceeding in the project. Make sure you check back periodically to see some of the more interesting new work going on.

Some of the Project's Hottest Works in Progress:

Security

Most organisations embrace the cloud today, with the speed and flexibility of as-a-service offerings proving irresistibly attractive. Even those who believe their organisations should remain stubbornly out of the cloud will often find cloud services in use somewhere within their own networks. One commonly cited issue with corporate cloud use is security. The Xen Project is continuously improving security-related operations as well as functionality.

A few weeks ago, Citrix and Bitdefender launched XenServer 7 and Bitdefender Hypervisor Introspection, which together compose the first commercial application of the Xen Project Hypervisor’s Virtual Machine Introspection (VMI) infrastructure. In this article, we will cover why this technology is revolutionary and how members of the Xen Project Community and open source projects that were early adopters of VMI (most notably LibVMI and DRAKVUF) collaborated to enable this technology.

In part four of this four-part series, Xen Project Advisory Board Chairman Lars Kurth takes a closer look at the Xen Project’s Security Policy and its evolution from its inception in 2011 to today and what it means for IT teams. Read Part 3: Are Today’s Open Source Security Practices Robust Enough in the Cloud Era?

Unikernels

One of the hottest topics in the future of the cloud is Unikernels. Xen Project has been at the forefront, sponsoring the work of the Mirage OS team in our Incubator, supplying Mini-OS as a jumping-off point for developers, and improving the hypervisor so that it can handle many small unikernel-based VMs in the future.

Traditional operating systems run multiple applications on a single machine, managing resources and isolating applications from one another. A unikernel runs a single application on a single virtual machine, relying instead on the hypervisor to isolate those virtual machines. Unikernels are constructed by using “library operating systems,” from which the developer selects only the minimal set of services required for an application to run. These sealed, fixed-purpose images run directly on a hypervisor without an intervening guest OS such as Linux.

Xen Automotive

Is your car your next hypervisor? With the Xen Automotive subproject it will be! Much work is being done to bring the Xen Project Hypervisor into the infotainment system of your next-generation vehicle.

As modern ARM SoCs become faster and faster, they are now capable of performing the same high-load tasks that desktop PCs were performing a few years ago, such as HD video playback and high-speed graphic rendering. The structure of an ARM SoC is also now quite complicated. In addition to a CPU module or modules, it includes several peripheral modules (e.g., UARTs, Wireless, HDMI ports). Co-processors designed to help with high-load tasks, such as a Graphic Processor Unit (GPU) or Video Processor Unit (VPU), are assembled together with the main CPU on almost all modern ARM SoCs designed for the mobile and automotive markets. The article covers a few aspects of sharing such co-processors when running Xen on an embedded SoC.

As we all know, one of the most common sources of OS crashes is hardware drivers and the issues with them. On systems with virtualization, it seems logical to create a separate domain and place hardware drivers (or at least the buggiest of them) there. One of the most significant tasks in creating a system with such a driver domain is to correctly provide it with resources (e.g., IO memory, IRQs). The main idea of passthrough described in the paper is to grant access for DomD through Dom0.

The paper analyzes the latency of OS scheduling for symmetric and asymmetric multi-processing support cases – as well as incoming packet handling in Xen – using default credit and real-time schedulers. It also demonstrates how the real-time scheduler affects latency. With RT-Xen support, most of the incoming packets are predictably handled within 1 millisecond with a small overhead at the destined guest OS, which is a feasible time bound for most soft real-time applications.